Man, there sure is a lot of spam out there. It’s a cyber war! Whether it be in the form of email spam, comment spam, or in my most recent egregious case, registration spam, this stuff is just plain annoying and wasteful.
These bot-created (I think?) spam blog accounts — they call them ‘splog’ — can get so abusive on a website’s resources that it slows it down for everybody else, or worse, start to take further advantage of exploiting the website’s scriptual engine to deliver spam links or malware to the people who visit. Before you know it, your website template is all screwed up and people are complaining to you that your website is dangerous! Yikes!
So, you address the problem. I keep WordPress and all plugins updated. I’ve used Akismet from day one. I added a reCAPTCHA to our registration form, and made sure all other registration entry points were shut off. I added WordFence and WangGuard security plugins — the former being quite helpful for viewing splogger (and genuine) activity, enabling reactive remedies such as blocking IPs, while the latter seemed to do nothing for my particular problem site because, I have a hunch, we are using a non-core membership and registration plugin, WP-Members. Without making some decisions and changes to that rather delicate registration and membership functionality, it didn’t appear WangGuard was going to do anything for our site’s problem.
Browsing the support forums for WP Members in search of any additional measures that could be taken to stop the splogger registrations, I came across a discussion where the plugin author, Chad Butler, suggested perhaps the registrations were being created elsewhere inside WordPress or another plugin, rather than WP Members. This got me wondering, is it possible to trace the script source of a WordPress new user registration? I asked it of Chad in the support forum, but in the meantime gave my search to the engines.
Among the results was the solution I needed to completely stop the spam splogger registrations entirely before they even reach our registration page — the Stop Spammer Registrations Plugin!
The Stop Spammer Registrations Plugin checks comments and logins 15 different ways to block spammers.
In all the plugin uses 15 different strategies to block spammers. Eliminates 99% of spam registrations and comments. Checks all attempts to leave spam against StopForumSpam.com, Project Honeypot, BotScout, DNSBL lists such as Spamhaus.org, known spammer hosts such as Ubiquity Servers, disposable email addresses, very long email address and names, and HTTP_ACCEPT header. Checks for robots that hit your site too fast, and puts a fake comment and login screen where only spammers will find them.
The Stop Spammer Registrations Plugin now checks for spammer IPs much earlier in the comment and registration process. When it detects a spammer IP, the plugin stops WordPress from completing any further operations and an access denied message is presented to the spammer. You control the access denied message, or you can redirect the spammer to another page or website.
In just the past 24 hours, Stop Spammers has stopped 3207 spammers from exploiting my website!